Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Technology Stocks : Ascend Communications (ASND) -- Ignore unavailable to you. Want to Upgrade?

To: Glenn D. Rudolph who wrote (32805)	2/1/1998 6:34:00 PM
From: Gary Korn	Respond to of 61433

2/2/98 Computer Reseller News 63 (see BOLD: Article on RAS) 1998 WL 2189800 Computer Reseller News Copyright 1998 CMP Publications Inc. Monday, February 2, 1998 774 Features:Remote Access Routing All Calls Through One Point Of Access --- Ascend Communications, 3Com and Cisco Systems will roll out new access concentrators and face added competition in a market growing 50 percent annually Daniel Lyons Competition is heating up in the remote-access market, and VARs stand to benefit from a slew of new products later this year that will bring better performance and lower prices to the market. The so-called "Big Three" remote-access vendors-3Com Corp., Ascend Communications Inc. and Cisco Systems Inc.-all will introduce new access concentrators this year. Meanwhile, other networking vendors such as Bay Networks Inc. and Cabletron Systems Inc., which traditionally have not been big players in remote access, are launching new assaults on the market. Lucent Technologies Inc. also joins the fray through its acquisition of Livingston Enterprises Inc., now known as Lucent's Remote Access Business Unit. Those vendors are being drawn in by projections from market researchers such as Dataquest Inc., which estimates the market for remote-access concentrators will grow more than 50 percent annually for the next several years, with prices per-port dropping at a rate of 12 percent per year. The biggest market for access concentrators will be the 4,000 or so Internet service providers (ISPs) in the United States, said Craig Johnson, principal analyst at Dataquest, based in San Jose, Calif. The good news for VARs is that networking vendors recognize their best route to reach ISPs is through resellers. "All of the vendors are looking for qualified VARs to help them expand their coverage. Qualified VARs who can sell into this market are in a very good position, and it's going to get even better," Johnson said. Not only will VARs have vendors fighting over them, they also will be able to choose from among a new generation of products that make life easier for resellers by integrating technologies that previously had to be bought separately. Technologies for tunneling, virtual private networks (VPNs), encryption, bandwidth management, firewall security and routing will start to show up in a single hardware platform rather than in separate boxes. The new servers also open new opportunities for resellers. While first-and second-generation products supported only text-based applications such as E-mail and Web-based applications such as Web browsing, the new generation of access servers enables advanced multimedia-based applications such as virtual network tunneling, data encryption and network conferencing for a large number of concurrent connections. [For Gary(not Korn): One such product is the the AS5300 remote-access server from Cisco, San Jose. Cisco made strong inroads with a new "next-generation" access concentrator and is appealing to ISPs and large enterprise customers with the promise of providing an "end-to-end" networking solution of which remote access is only one component. Maximum configuration on the AS5300 is 96 ports, at $468 per port, bringing the total price to about $45,000. "That's the best pricing in the market," said Tim McShane, director of product marketing for access servers at Cisco. The AS5300 leapfrogged other products in the market in terms of functionality and performance and helped Cisco take share away from other companies, the vendor said. "From 1996 to the third quarter of 1997, we went from having very little, almost negligible, market share to having a market share in the high teens," McShane said. "We're feeling very good about the trajectory." The company most threatened by Cisco's new onslaught is 3Com, Santa Clara, Calif., if only because it currently is a top player in the market, with 36 percent of shipments and 40 percent of revenue, according to Dataquest. 3Com owes its presence in the remote-access market to its merger with U.S. Robotics, whose Total Control product line traditionally has been a market leader. 3Com recently integrated the Total Control technology into its SuperStack II platform, creating a stackable remote-access solution with a $350-per-port price point. The new SuperStack II Remote Access 3000 system comes in a base configuration with 24 ports and can be expanded with extra 24-port modules as a company's needs grow. "With this product, we're reaching a part of the market that no other manufacturer is hitting-the midsize company," said Kathleen Marini, product marketing manager at 3Com. "It allows a company to cost-effectively implement remote access at the port count they need." Price for the Remote Access 3000 concentrator is $7,495. A router for the concentrator is $2,995. An optional redundant power supply costs $2,995. Chasing 3Com for the market-leading position is Ascend Communications, in Alameda, Calif., which has 33 percent of ports shipped and 30 percent of revenue, according to Dataquest. Not long ago, Ascend had the remote-access market more or less to itself. Now, however, the company finds itself facing ever more intense competition. "The market has become very crowded," said Kurt Bauer, vice president of access product management at Ascend. "The business has exploded, and all sorts of new players have come along." Ascend sells a range of remote-access products-from the low-end 200 Plus, which supports eight concurrent users and costs less than $3,000, up to the carrier-class MAX TNT WAN-access switch, which can support thousands of concurrent sessions. At the heart of the product line is the MAX 4048, which was released early last year and supports up to 48 ports. [Korn: Not much here on new ASND products,like the DSLTNT] Bay Networks, Santa Clara, offers a high-end carrier-class product called the Model 5399 Remote Access Concentrator, which is used in the System 5000 Multi-Service Switch. The product is the only concentrator that can support either x2 or K56flex technologies for 56-Kbit-per-second modems. "With other vendors you have to choose one technology over the other-your choices get limited. For our ISP customers, this is a hugely important issue," said Rohit Mehra, Bay Networks senior product manager. Bay Networks strengthened its presence in the remote-networking arena through its acquisition of New Oak Communications Inc. Within days of the purchase, Bay Networks unveiled plans for a new remote-access product designed for midsize companies and ISPs, the NOC 2000 extranet-access switch, which supports up to 200 concurrent remote users. Lucent, Murray Hill, N.J., is differentiating its PortMaster 3 product on the basis of performance. Price-per-port is about $250, said Marty Likier, product marketing manager. The 60-port PortMaster 3 is aimed at small and midsize ISPs. Later this year, Lucent will introduce its next-generation product, the PortMaster 4, which supports more than 600 ports, Likier said. ---- INDEX REFERENCES ---- COMPANY (TICKER): Ascend Communications Inc.; Cisco Systems Inc.; 3Com Corp. (ASND CSCO COMS) NEWS SUBJECT: World Equity Index; High-Yield Issuers (WEI HIY) INDUSTRY: Communications Technology; Telecommunications, All (CMT TEL) Word Count: 1011 2/2/98 COMRSNWS 63 END OF DOCUMENT

To: Glenn D. Rudolph who wrote (32805)	2/1/1998 6:36:00 PM
From: Gary Korn	Respond to of 61433

2/2/98 CommunicationsWeek 1 (see BOLD) 1998 WL 2379978 InternetWeek Copyright 1998 CMP Publications Inc. Monday, February 2, 1998 700 News & Analysis VPNs, Warts And All -- Roundtable participants note shortcomings of nascent IP technology, but benefits sustain user interest Salvatore Salamone Washington, D.C. -- a VPN might be a godsend for your remote users and the cor-porate backbone. But for service providers, it's just another in a growing list of IP services. That's not scaring off users, who can make a compelling business case for virtual private networks. But these early adopters face significant problems. They lack turnkey providers for services, equipment and administration. Plus, so-called performance guarantees cover nothing more than network availability. For latency, end-to-end performance or guaranteed response times, you're on your own. Those were two of the primary conclusions drawn, ironically, by leading equipment and service providers convened by Internet-Week for a VPN roundtable here last week. "For the next five years, complex corporate data will not rely solely on public IP networks," said Bob Smith, senior marketing manager for MCI's Internet products and services. "You'll see hybrid networks that combine existing access [technologies] with VPNs," said Denise Grey, managing director of AT&T's Global Business IP Services. What needs to be done before IT managers will go hog-wild for VPNs is for the service providers to address performance issues and provide more help in administering these networks. For instance, most roundtable participants agreed that no single vendor or service provider can supply the combination of equipment, services, support and management tools that corporations would like to get. "We end up marrying a company with a carrier," said Thomas Pincince, founder of New Oak Communications Inc., which last week became part of Bay Networks' extranet access division. Users contacted after the roundtable validated the views of the roundtable participants. "We've decided to cobble together something ourselves that lets us link sites over a VPN," said Andrew Milner, a network administrator at Gendall Pharmaceutical Supplies Corp., a medical supplies distributor. Milner took advantage of a software upgrade from his router vendor, whom he would not name, that included support for VPNs to link five regional centers. He linked the sites over existing T1 Internet access lines. Milner and other users said they would have considered VPNs from a service provider, but there were too many pieces missing. "There is often no incentive to buy anything but access from an ISP," said Raymond Lopez, an independent remote access consultant. He notes that most ISPs offer services like 7-day by 24-hour support and management of the equipment on a user's site for their access services, and very little beyond that for VPN services. "Every large customer wants service level agreements," said MCI's Smith. And they want to know "what we are doing to improve them," he said. The VPN services announced to date by the major backbone service providers all include SLAs that offer either service credits or refunds if the network is down more than a certain number of minutes per day. However, none of the SLAs offer end-to-end latency guarantees (InternetWeek, Dec. 15, 1997). There are a number of reasons for this. For instance, end-to-end VPN performance depends in part on client performance. However, there are areas where service providers can step up and help improve the performance of some VPN applications. For instance, providers "can deploy technology that lets them control latency and congestion," said Robert Redford, director of service provider marketing at Cisco. He noted, for example, that an ISP could use quality-of-service (QoS) features in routers and switches to give VPN traffic higher priority as it passes over a network. However, even as most of the national Internet backbone operators are moving to higher speed networks and incorporating QoS features, there is a major performance limitation that will prevent latency-related SLAs from being available in the foreseeable future. ISPs have no control over performance once traffic crosses from one provider's backbone to another. "Once you get to a NAP [Network Access Point], pray," said Timothy Kraskey, vice president of marketing in Ascend's core systems division. The service providers present at the roundtable did not believe there would be any relief in this area anytime soon. "What's the motivation for carriers to offer QoS relationships" between each other's networks, Smith asked. "The incentive will have to be financial," said Pushpendra Mohta, executive vice president of TCG CERFnet, whose parent, Teleport Communications Group Inc., is being acquired by AT&T. He noted that for years telcos have been able to handle the issues of compensating each other for handling traffic, but a similar system does not exist for ISPs. It all comes down to settlement agreements, according to Gregg Lebovitz, service line manager of GTE's managed security services. "Look at cellular," he said, noting that that industry has worked out agreements on how to handle billing for carrying traffic between networks. Word Count: 772 2/2/98 COMMWK 1 END OF DOCUMENT

To: Glenn D. Rudolph who wrote (32805)	2/1/1998 6:39:00 PM
From: Gary Korn	Read Replies (1) \| Respond to of 61433

2/2/98 CommunicationsWeek 8 (see BOLD 1998 WL 2379990 InternetWeek Copyright 1998 CMP Publications Inc. Monday, February 2, 1998 700 News & Analysis Breaking Barriers -- Start-up Netcore plans a terabit switch router; other vendors to follow suit Saroja Girishankar Start-up NetCore Systems Inc. is building an ultra high-end switch router that promises to handle network traffic at terabit speeds. Netcore's Everest will reportedly switch or route more than a billion packets per second either as ATM cells or IP packets. ISPs, carriers and multinational conglomerates are already candidates for such a product. Mushrooming Internet traffic has service providers hunting for backbone devices that can prevent potential network bottlenecks. "It is vital that we find routing and switching products that support higher bandwidths such as OC-48 [and OC-192] to handle exploding network traffic," said Alan Taffel, vice president at Uunet Technologies Inc., one of the largest ISPs. [KORN: This is great for the GBX550] A host of start-ups, populated by entrepreneurial talent from Bay Networks, Cisco, Cascade Communications, now part of Ascend Communications, and other networking vendors, are developing the high-end devices. But industry heavyweights such as Cisco and Ascend do not even get mentioned in the terabit and similar high-end spaces. The small band of pioneers includes Avici Systems Inc., Argon Networks Inc., formerly called GigaPacket Networks Inc., Juniper Networks Inc. and Nexabit Networks. Avici and Juniper are IP router makers whereas Netcore and Argon produce combination ATM switch and IP router devices. Sources close to Netcore said the switch lets IP packet and ATM cell traffic flow over the same physical WAN interface. This would significantly reduce the number of WAN pipes required. The sources said the device, expected to roll out in the third quarter, will support 640 Gbps and have 64 OC-48 ports. Later versions will use wave division multiplexing and handle traffic at multiterabit-per-second speeds. Quality-of-service features and SNMP management support will be available, along with redundancy for every routing path. Frank Dzubeck, president of consultancy Communications Network Architects Inc., warns that none of these products are ready for prime time. "The question is whether they will be ready when they are needed," he said. Word Count: 313 2/2/98 COMMWK 8 END OF DOCUMENT

To: Glenn D. Rudolph who wrote (32805)	2/1/1998 6:40:00 PM
From: Gary Korn	Respond to of 61433

2/2/98 CommunicationsWeek 31 (see BOLD) 1998 WL 2380031 InternetWeek Copyright 1998 CMP Publications Inc. Monday, February 2, 1998 700 Bandwidth Technology Primer Remote Access Authentication Coming Of Age Salvatore Salamone The booming growth in telecommuting and the need to support more remote workers are making life tough for IT managers. Besides the usual tasks of maintaining remote access server (RAS) equipment, managers often find their time consumed by administering access rights and authentication privileges on several geographically dispersed RASes at the same time. Enter the Remote Authentication Dial In User Service. RADIUS is a commonly used authentication system. Most remote access equipment vendors, including 3Com Corp., Ascend Communications, Bay Networks, Livingston Enterprises Inc. and Shiva Corp., support RADIUS in their RASes. Additionally, Microsoft now includes RADIUS support as part of its Windows NT Routing and Remote Access Server software. For IT managers, the main attraction of RADIUS is that it lets them simplify administration of user authentication by keeping a central database of access rights. "We used to go crazy trying to keep access rights current on different pieces of equipment," said Arnold Lafreniere, a network administrator at Levinton Electronics Corp., an electronics component manufacturer. "Every time someone changed jobs, left the company, or traveled and called in from the road, we had to change access rights on two or three RASes." RADIUS avoids such problems. IT managers can use a single RADIUS server to authenticate users dialing into multiple RASes. With RADIUS, IT managers maintain a single authentication database. All users dialing into a network are authenticated against this database. For such centralized authentication to work, RASes must securely communicate with a RADIUS server and verify that the user meets certain conditions before allowing the user to gain access to the network. The process of authentication is transparent to the user dialing in. When a user places a call into a RAS, a Point-to-Point Protocol (PPP) session is initiated. The RAS takes authentication information, such as a user name and password, and passes this information to the RADIUS server. If the user is in the database and has access privileges to the network, the RADIUS server signals the RAS that it is OK to continue the process. At the same time, the RADIUS server also sends what is called profile information about the user to the RAS. The profile can include information such as the user's IP address, the maximum amount of time the user can remain connected to the network and the phone number the user is allowed to dial to access the network. The RAS takes this information and checks to make sure the call meets the criteria of the checklist items. If the conditions are met, the PPP negotiation with the caller is completed and the user is granted access. If the user does not meet the conditions-say the person called using a number reserved for other people in the company-the call is terminated. A single RADIUS server can support all the RASes in a corporation. This lets a manager set access policies and user access privileges once and apply them no matter which RAS the user calls in on. Using The Data Depending on the level of security an organization wants to maintain, IT managers have two choices for handling the transaction between the user and the RAS. PPP supports both the Password Authentication Protocol (PAP) and the Challenge Handshake Authentication Protocol (CHAP). PAP is easier to use but offers lower security. With PAP, users typically send passwords to the RAS unencrypted in plain text format. The RAS encrypts the password and sends it to the RADIUS server, which decrypts the password. The RADIUS server then validates the password against its database, against a NetWare Bindery or Novell Directory Service or against a Microsoft NT Domain or Workgroup list. If a manager does not want to have users sending passwords unencrypted to the RAS, CHAP is the option. With CHAP, the RAS challenges the user to prove his or her identity. This is accomplished by the RAS generating a random number and sending it to the user. The user's PPP client creates what is called a digest that encrypts the password using the "challenge." This digest is sent to the RAS, which then passes it to the RADIUS server. The RADIUS server creates a digest using its copy of the user's password. If the two digests match, it means the user is indeed who he or she claims to be and is authenticated by the RADIUS server. The benefit of this approach is that a user's password never passes unencrypted over the dial-up portion of the link. Regardless of the method used to authenticate the user, the RADIUS server then returns a profile of the user's attributes to the RAS. An IT manager creates the attributes by defining a set of requirements for each user or group of users to access the network. This might include such things as the time of day a user can access the network or whether the user is allowed to use an ISDN connection. This set of criteria for access is passed from the RADIUS server to the RAS, where specific conditions of each call are checked. RADIUS' central database of access information is ripe for use in other ways. But until recently, it was considered too hard to get at to be of any use. For instance, while RADIUS servers track a user's logon and logoff information, it has been hard to correlate that information across multiple RASes because there has been no simple way to extract and compare just that portion of a much larger RADIUS accounting database. IT managers who wanted to use the information for other purposes, like tracking usage patterns to aid in planning equipment upgrades, needed to write customized programs. Management Control Within the past three months, several RAS companies have taken steps to change this situation. In December, Livingston Enterprises introduced the RADIUS Authentication Billing Manager (ABM), a line of remote access management servers that take the usage information from a RADIUS database and link it with business processes such as customer billing and network trend analysis. Livingston's RADIUS ABM includes a suite of applications such as Trend Builder and Integrated Billing applications. Other vendors marry the information in a RADIUS database to security features in their own products to give a manager more targeted access control. For instance, Ariel Corp. combines user authentication information in a RADIUS database with a caller ID feature in its RASCAL line of RASes to offer a call-blocking feature. Essentially, the RASCAL determines the phone number from which a user has dialed into the RAS. If that number does not match the authorized numbers in RADIUS from which that user is allowed to dial in, the call is automatically blocked. Such tools are likely to become more important as companies want to take more control over their networks. "There's a wealth of untapped information in RADIUS databases," Lafreniere said. For example, RADIUS includes a number of standard accounting and reporting features. A RADIUS server, for example, can maintain a history of all user sessions. This could include a record of the start and stop time and duration of every session for each user. A manager might use this information to track total connect time and peak connection periods to help identify usage patterns. Or, the information could be used by an IT department to bill back business units for usage of the network. Word Count: 1217 2/2/98 COMMWK 31 END OF DOCUMENT